Guide on How to Configure a Draytek 2820 Router Firewall for Use With the 3CX Phone System

Introduction

This document describes the configuration of a Draytek 2820 for use with 3CX Phone System. We will look at the NAT configuration necessary for 3CX Phone System and the QoS configuration to prioritize SIP and RTP traffic. The firmware version tested was version 3.3.3 dated 23 October 2009.

Status

In general, Draytek routers are known to work correctly and can be used as a gateway in front of a 3CX Phone System to connect VoIP providers, direct Remote Extensions (STUN) and 3CX Tunnel connections. Take extra care when following this guide.

The status of this type of firewall is “Supported”.
NAT Type: Not tested

Disclaimer

Configuration of the firewall will never be carried out by 3CX staff at any point and must be done by the company's system administrator. You must understand the risk of opening ports to the World Wide Web. Read https://www.3cx.com/blog/docs/securing-hints/ for more information and agree with the terms stated. The provided guide is based on the best known effort to configure the device(s). 3CX is not liable for any misguidance that may be contained in this guide.

NAT Configuration

Disable SIP ALG

You first need to disable SIP ALG on your Draytek Router by following the steps outlined below:

Open a Command Prompt and telnet to the Draytek router by typing the following command: >telnet IP-Vigor_Router

Enter the following commands to disable the SIP ALG Handler on the device:
>sys sip_alg 0
>sys commit

If you are using a Vigor2750 or a Vigor2130 use the following steps:

Open a Command Prompt and telnet to the Draytek router by typing the following command: >telnet IP-Vigor_Router

Port Forwarding

Browse to the Router’s Web Interface (the device’s default IP Address is 192.168.1.1).

Go to the “NAT -> Open Ports” menu

In this example, 3CX PhoneSystem is installed on a server with IP Address 192.168.1.200, and the Draytek is connected to the Internet via the WAN1 interface. Go to the first free position in the “Open Port” menu, and configure as follows:

Ensure the “Enable Open Ports” checkbox is enabled

Set the “Comment” field to “3CX”

Set the “WAN Interface” field to “WAN1”

Set the “Local Computer” field to the IP Address of the 3CX PhoneSystem machine (in this example 192.168.1.200)

Set the first line as follows:

Set the “Protocol” field to “TCP”

Set the “Start Port” and “End Port” fields to “5000” if Abyss Webserver or “80” if IIS Web Server

Set the second line as follows:

Set the “Protocol” field to “TCP”

Set the “Start Port” and “End Port” fields to “5001” if Abyss Webserver or “443” if IIS Web Server

Set the third line as follows:

Set the “Protocol” field to “TCP/UDP”

Set the “Start Port” and “End Port” fields to “5060”.

Set the fourth line as follows:

Set the “Protocol” field to “TCP”

Set the “Start Port” and “End Port” fields to “5061”.

Set the fifth line as follows:

Set the “Protocol” field to “UDP”

Set the “Start Port” field to “9000” and the “End Port” field to “9500”

Set the sixth line as follows:

Set the “Protocol” field to “TCP/UDP”

Set the “Start Port” and “End Port” fields to “5090”

Click on the “OK” button at the bottom of the page.

This will send you back to the “Open Ports” summary page.
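Because every line entered here exposes a port to the Internet, it is worth comparing what was actually typed into the “Open Ports” page against the six lines above. The following is an added example, not part of the original guide or of 3CX or Draytek software: it assumes the configured lines have been transcribed by hand into Rule tuples (the Rule type, function names and the SAMPLE data are constructed for illustration) and reports ports that are missing or exposed beyond what the guide asks for.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str   # "TCP", "UDP" or "TCP/UDP", as in the router's Protocol field
    start: int   # Start Port
    end: int     # End Port
    host: str    # Local Computer

def expected_rules(host, webserver="abyss"):
    """The six Open Ports lines from this guide, for Abyss or IIS."""
    http, https = (5000, 5001) if webserver == "abyss" else (80, 443)
    return [
        Rule("TCP", http, http, host),
        Rule("TCP", https, https, host),
        Rule("TCP/UDP", 5060, 5060, host),
        Rule("TCP", 5061, 5061, host),
        Rule("UDP", 9000, 9500, host),
        Rule("TCP/UDP", 5090, 5090, host),
    ]

def expand(rules):
    """Flatten rules into a set of (protocol, port, host) tuples."""
    out = set()
    for r in rules:
        for proto in r.proto.split("/"):
            for port in range(r.start, r.end + 1):
                out.add((proto, port, r.host))
    return out

def audit(configured, host, webserver="abyss"):
    """Return (missing, unexpected), each a sorted list of (proto, port, host)."""
    want = expand(expected_rules(host, webserver))
    have = expand(configured)
    return sorted(want - have), sorted(have - want)

# Constructed sample: a hand-transcribed table containing three mistakes.
SAMPLE = [
    Rule("TCP", 5000, 5001, "192.168.1.200"),
    Rule("TCP/UDP", 5060, 5061, "192.168.1.200"),  # 5061 should be TCP only
    Rule("UDP", 9000, 9500, "192.168.1.200"),
    Rule("TCP", 5090, 5090, "192.168.1.200"),      # UDP 5090 is missing
    Rule("TCP", 8080, 8080, "192.168.1.200"),      # not one of the six lines
]

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE, "192.168.1.200")
    print("missing:", missing)
    print("unexpected:", unexpected)
```

Anything listed as unexpected is exposure the guide does not call for and should be removed or justified; anything listed as missing will break the corresponding 3CX function.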

QoS Configuration

To configure the Quality of Service part of the Draytek 2820, follow these steps:

1. Bandwidth Management – Quality of Service

Browse to the Router’s Web Interface (the device’s default IP Address is 192.168.1.1).

Go to the “Bandwidth Management -> Quality of Service” menu. The first thing we need to do is define the ports and services used by 3CX Phone System. Proceed as follows: